Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 107 of 157
CVE-2014-4438 | MEDIUM | CVSS 6.9 | ≤ 10.9.5 | 2014-10-18
CVE-2014-4438 [MEDIUM] CWE-362: Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.
nvd
CVE-2014-4439 | MEDIUM | CVSS 4.3 | ≤ 10.9.5 | 2014-10-18
CVE-2014-4439 [MEDIUM] CWE-200: Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.
nvd
CVE-2014-4431 | LOW | CVSS 2.1 | ≤ 10.9.5 | 2014-10-18
CVE-2014-4431 [LOW] CWE-264: Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.
nvd
CVE-2014-4440 | LOW | CVSS 2.6 | ≤ 10.9.5 | 2014-10-18
CVE-2014-4440 [LOW] CWE-16: The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.
nvd
CVE-2014-3566 | LOW | CVSS 3.4 | PoC | ≤ 10.10.1 | 2014-10-15
CVE-2014-3566 [LOW] CWE-310: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
nvd
CVE-2014-7185 | MEDIUM | CVSS 6.4 | ≤ 10.10.4 | 2014-10-08
CVE-2014-7185 [MEDIUM] CWE-189: Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
nvd
CVE-2014-3565 | MEDIUM | CVSS 5.0 | v10.11.0 | 2014-10-07
CVE-2014-3565 [MEDIUM] CWE-399: snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
nvd
CVE-2014-7169 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ 10.0.0, < 10.10.0 | 2014-09-25
CVE-2014-7169 [CRITICAL]: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgi
nvd
CVE-2014-6271 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ 10.0.0, < 10.10.0 | 2014-09-24
CVE-2014-6271 [CRITICAL] CWE-78: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts execute
nvd
CVE-2014-4402 | CRITICAL | CVSS 9.3 | v10.9, v10.9.1, +3 more | 2014-09-19
CVE-2014-4402 [CRITICAL] CWE-119: An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
nvd
CVE-2014-4390 | CRITICAL | CVSS 9.3 | v10.9, v10.9.1, +3 more | 2014-09-19
CVE-2014-4390 [CRITICAL] CWE-20: Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
nvd
CVE-2014-4376 | CRITICAL | CVSS 10.0 | v10.8.5, v10.9, +4 more | 2014-09-19
CVE-2014-4376 [CRITICAL]: IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.
nvd
CVE-2014-4393 | CRITICAL | CVSS 10.0 | v10.8.5, v10.9, +4 more | 2014-09-19
CVE-2014-4393 [CRITICAL] CWE-119: Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.
nvd
CVE-2014-4395 | MEDIUM | CVSS 6.9 | v10.8.5, v10.9, +4 more | 2014-09-19
CVE-2014-4395 [MEDIUM]: An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-
nvd
CVE-2014-4416 | MEDIUM | CVSS 6.9 | v10.8.5, v10.9, +4 more | 2014-09-19
CVE-2014-4416 [MEDIUM]: An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-
nvd
CVE-2014-4399 | MEDIUM | CVSS 6.9 | v10.8.5, v10.9, +4 more | 2014-09-19
CVE-2014-4399 [MEDIUM]: An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-
nvd
CVE-2014-4400 | MEDIUM | CVSS 6.9 | v10.8.5, v10.9, +4 more | 2014-09-19
CVE-2014-4400 [MEDIUM]: An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-
nvd
CVE-2014-4350 | MEDIUM | CVSS 6.8 | v10.7.5, v10.8.5, +5 more | 2014-09-19
CVE-2014-4350 [MEDIUM] CWE-119: Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.
nvd
CVE-2014-4396 | MEDIUM | CVSS 6.9 | v10.8.5, v10.9, +4 more | 2014-09-19
CVE-2014-4396 [MEDIUM]: An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-
nvd
CVE-2014-4401 | MEDIUM | CVSS 6.9 | v10.8.5, v10.9, +4 more | 2014-09-19
CVE-2014-4401 [MEDIUM]: An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-
nvd